Original source: GigamonTV
This video from GigamonTV covered a lot of ground. Nine segments stood out as worth your time. Everything below links directly to the timestamp in the original video.
State-level attackers turn common devices into nearly undetectable backdoors, which highlights the urgent need for stronger network security. Your home router or office IoT device could be part of a larger, unseen cyber weapon.
Network Visibility Crucial to Uncover Stealthy State-Level Cyber Threats
Organisations face significant unknown risks from devices such as IoT endpoints, which can be compromised through outdated ciphers and expired certificates. State-level threat actors exploit this by replacing the firmware on older routers to build sophisticated "onion routing" networks. These covert operations are nearly impossible for internal security teams to detect without advanced application-level network visibility.
Traditional network logging and single sources of truth, such as firewalls and routers, are often insufficient to identify these stealthy intrusions. A parallel, second source of truth for network logs, offering application awareness, is becoming essential. This approach allows security practitioners to detect anomalies, like unexpected self-signed certificates on critical network devices, before they escalate into major breaches, such as ransomware attacks.
"If you have a 10-year-old Netgear that's been online and never been touched, it's probably had its software replaced by some threat actor, and that allows them remote access."
One in Three Cyber Breaches Go Undetected, Mandiant and Gigamon Research Shows
Recent research by Gigamon and Mandiant reveals that as many as one in three cyber breaches go undetected by organisations, often only coming to light through ransomware demands or system outages. The primary issue stems from the inadequacy of traditional full-stack observability and network logging, which lack crucial application awareness. This blind spot leaves organisations vulnerable to lateral movement within their networks and the use of non-standard ports by attackers, which current systems fail to flag.
Perimeter defenses, while strong, are insufficient against threats that have already infiltrated the network and are moving internally. The reliance on network logs, which were not designed to provide application-level insight, prevents comprehensive visibility into these internal threats. Enhanced application awareness is critical for identifying both known and unknown applications, aligning with compliance frameworks like PCI and Zero Trust that demand full knowledge of network assets.
"As many as one in three breaches go undetected, and sometimes an organization finds out they've been breached because the ransomware actor asks for money."
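The two sections above name concrete anomalies that application-aware network metadata can surface where port-based logs cannot: self-signed certificates on critical devices, expired certificates and outdated ciphers, and an application running on a port that does not match it. The following Python review pass is an added illustration, not Gigamon's code or tooling; the flow records, the critical-device inventory, the port-to-application map and the field names are all constructed assumptions shaped like what an application-aware NDR feed might emit.

```python
# Added example (not Gigamon code): review application-aware flow records for
# the anomalies the talk names. Records, inventory and field names are constructed.
from datetime import datetime, timezone

CRITICAL_DEVICES = {"10.0.0.1", "10.0.0.2"}      # hypothetical PKI-managed devices
EXPECTED_APP = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}  # assumed port map
WEAK_CIPHERS = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

# Constructed sample records, one per connection; non-TLS flows carry no cert fields.
FLOWS = [
    {"dst": "10.0.0.1", "dport": 443, "app": "tls", "subject": "CN=core-rtr-01",
     "issuer": "CN=core-rtr-01", "not_after": "2030-01-01T00:00:00Z",
     "cipher": "TLS_AES_128_GCM_SHA256"},
    {"dst": "10.0.0.2", "dport": 443, "app": "tls", "subject": "CN=core-fw-01",
     "issuer": "CN=Corp Internal CA", "not_after": "2023-05-01T00:00:00Z",
     "cipher": "TLS_RSA_WITH_RC4_128_SHA"},
    {"dst": "10.0.5.20", "dport": 8443, "app": "tls", "subject": "CN=ipcam",
     "issuer": "CN=ipcam", "not_after": "2021-01-01T00:00:00Z",
     "cipher": "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
    {"dst": "10.0.9.9", "dport": 443, "app": "ssh"},
    {"dst": "10.0.0.3", "dport": 22, "app": "ssh"},
]

def parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review_flow(flow, now):
    """Return the anomaly strings for one flow; an empty list means clean."""
    findings = []
    if flow["app"] == "tls":
        # A PKI-managed device should never present a certificate it issued itself.
        if flow["issuer"] == flow["subject"] and flow["dst"] in CRITICAL_DEVICES:
            findings.append("self-signed certificate on critical device")
        if parse_utc(flow["not_after"]) < now:
            findings.append("expired certificate")
        if flow["cipher"] in WEAK_CIPHERS:
            findings.append("outdated cipher " + flow["cipher"])
    # App identified by payload inspection vs. the app the port implies: this is
    # what catches e.g. SSH carried over 443, invisible to port-based logging.
    expected = EXPECTED_APP.get(flow["dport"])
    if expected and expected != flow["app"]:
        findings.append(f"{flow['app']} on port {flow['dport']}, expected {expected}")
    return findings

def review_flows(flows, now=None):
    """Map (dst, dport) to its findings for every flow that has at least one."""
    now = now or datetime.now(timezone.utc)
    reviewed = ((f, review_flow(f, now)) for f in flows)
    return {(f["dst"], f["dport"]): r for f, r in reviewed if r}
```

Running `review_flows(FLOWS)` flags four of the five constructed flows and leaves the plain SSH-on-22 connection alone; in practice the inventory and port map would come from the CMDB and the organisation's own baseline.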
Gigamon Partnerships Enhance Network Detection and Response with Application Visibility
Gigamon relies on strategic alliances to enhance cybersecurity rather than storing the data, acting on it, or raising alerts itself. Instead, the company provides application-level visibility to existing Network Detection and Response (NDR) tools, expanding their reach across the network. This approach offers a crucial "second source of truth" for network logging, complementing existing security infrastructures by feeding them actionable, filtered data.
The benefit of this strategy is twofold: it improves detection capabilities by extending NDR coverage to previously inaccessible network corners and significantly reduces operational costs. By de-duplicating traffic and sending only necessary data to NDR tools, Gigamon helps customers save on ingest, compute, and bandwidth expenses, making existing security investments more efficient and prolonging their lifecycle.
"We don't store the data, we don't take action on the data, we don't alert the data, and that's good because you get to keep all of your existing tools."
Application-Level Network Awareness Crucial for IoT Security and Micro-segmentation
Tracy highlights the critical and unique nature of application-level awareness in network security, a capability she believes is not widely available. Steven, drawing on his 11 years as a network engineer at TippingPoint, reinforces this, noting the difficulty of detecting network changes from logs alone. He stresses that without robust network visibility, especially for Internet of Things (IoT) devices and micro-segmentation, organisations face significant unquantified risks.
The proliferation of IoT devices, particularly in sectors like healthcare, creates substantial security vulnerabilities. Effective mitigation strategies, such as segmentation and micro-segmentation, are difficult to implement without a clear view of network traffic and device behavior. This lack of visibility represents a major blind spot, leaving organisations unable to address risks until they understand what devices and applications are active on their networks.
"What about IoT? We're kind of forgetting about IoT. If you're a point of sale device, if you're a medical device, this is why all the hospitals are getting in trouble."
Bridging the Communication Gap: Engineers Must Translate Tech to Business Value for C-Suite
A significant communication gap often exists between engineers and C-level executives regarding technology solutions. Engineers, accustomed to technical specifics, must learn to articulate problems in terms of business impact, risk mitigation, and cost savings to resonate with leadership. This is particularly crucial when discussing cloud solutions, where traditional tools may be inefficient and incur unexpected costs due to consumption-based billing models.
Explaining that a new firewall offsets a specific level of business risk, rather than simply detailing its technical capabilities, makes it a worthwhile investment from an executive perspective. Without this translation, technological advancements can appear as mere costs rather than strategic assets, leading to missed opportunities for enhanced security and operational efficiency.
"When you're trying to solve a problem for say in the cloud, tell the cloud operation person the problem you're trying to solve and they may get there a totally different way."
Rise of Chief Risk Officer Reflects Growing Cyber Threat Costs
The emergence of the Chief Risk Officer (CRO) highlights an increasing focus on mitigating cybersecurity risks within organizations, driven by the substantial financial costs associated with inadequate protection. Unlike other departmental budgets, cybersecurity allocations are often protected because the financial impact of a breach far surpasses the investment in preventative tooling. This shift acknowledges that effective cybersecurity is not just a technical necessity but a critical financial safeguard.
Despite increased investment, the industry remains more adept at recovering and remediating breaches than at proactively detecting and protecting against them. This disparity creates a lack of positive feedback for successful prevention, as averted attacks often go unnoticed. Consequently, organisations frequently find themselves in a reactive stance, underscoring the ongoing challenge of achieving robust, proactive cyber defense.
"We're very good at recover, remediate for a breach, very good. We're not good at detect, protect because there's no positive feedback loop when you get it right."
State-Sponsored Cyber Attacks Intensify Global Threat Landscape
The global cyber threat landscape has drastically evolved, moving beyond individual hackers to organised, often state-sponsored groups whose primary function is to penetrate network defenses. These groups operate openly and are frequently encouraged by their respective governments, transforming cybersecurity into a low-grade conflict. This shift renders traditional "security through obscurity" tactics obsolete, introducing undefined and unmeasured risks for organisations.
Recent incidents, such as "Midnight Eclipse" involving Cisco and "Arcane Door" affecting Palo Alto Networks, demonstrate that even organisations not directly targeted can fall into the "blast radius" of widespread vulnerabilities. These events necessitate urgent, complex firewall reboots and changes, underscoring the pervasive nature of modern cyber warfare and the critical need for constant vigilance and proactive defense strategies against sophisticated, well-resourced adversaries.
"It's no longer the hacker in the basement who is trying to get to your company. These are organized, often state-sponsored groups."
Compliance Frameworks Bridge Gap Between Technical and Executive Cyber Concerns
Organisations can effectively communicate cybersecurity risks and costs to leadership by framing network visibility through established compliance frameworks such as Zero Trust and PCI. This approach helps bridge the communication gap between tactical practitioners and strategic C-level planners, who often face pressure to implement these frameworks without additional resources. By translating technical problems into quantifiable risks and potential cost savings, practitioners can better gain executive attention and secure necessary investments.
For example, demonstrating how enhanced visibility reduces troubleshooting time by 90% speaks directly to cost savings in engineering cycles and downtime. This method helps executives understand the tangible benefits of cybersecurity initiatives, moving discussions beyond abstract technical details to concrete business impacts that address leadership's core concerns about risk and financial efficiency.
"Tell them that you have a level of unknown or unquantified risk that you've discovered, and that'll better get their attention. And then, if you can somehow pivot that into cost, for example, it now takes 90% less time to troubleshoot a problem, that's cost."
AI-Enhanced Cyber Attacks Demand High Hygiene and Comprehensive Visibility
The cyber threat landscape is rapidly accelerating, largely driven by adversaries leveraging Artificial Intelligence to enhance the speed and sophistication of their attacks. To combat these advanced threats, organisations critically need to maintain high levels of cybersecurity hygiene, comprehensive network visibility, and robust architectural connectivity. These measures are essential for understanding and protecting complex digital environments.
Compounding the challenge are ongoing talent shortages and skill gaps within the cybersecurity sector, which make it difficult for organisations to keep pace with evolving threats. Therefore, creating an easy-to-use security ecosystem that provides deep visibility and observability is paramount. This allows teams to effectively manage risks and respond to threats, even with limited resources.
"The adversaries are leveraging AI to be faster, to be better at what they do, and I think that in order for us to be able to combat that, I do think that a high level of hygiene, visibility, and connectivity in your architecture is really critical."
Also mentioned in this video
- WWT's Advanced Technology Center (ATC) as a key differentiator, a… (2:02)
- In understanding the limits of AI due to his networking background, noting its… (7:39)
- Tracy mentions WWT's $500 million investment in an AI Proving Ground with… (9:11)
- Tracy agrees that AI is a new frontier but also a tool for efficiency and… (12:21)
Summarised from GigamonTV · 23:43. All credit belongs to the original creators. Streamed.News summarises publicly available video content.